1 /******************************************************************************
2 *
3 * Copyright (C) 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains GATT database building and query functions
22 *
23 ******************************************************************************/
24
25 #include "bt_target.h"
26
27 #if BLE_INCLUDED == TRUE
28
29 #include "bt_trace.h"
30
31 #include <stdio.h>
32 #include <string.h>
33 #include "gatt_int.h"
34 #include "l2c_api.h"
35
36 /********************************************************************************
37 ** L O C A L F U N C T I O N P R O T O T Y P E S *
38 *********************************************************************************/
39 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
40 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *p_uuid128, tGATT_PERM perm);
41 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
42 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
43
44 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri);
45 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
46 UINT16 handle, UINT16 offset, UINT32 trans_id);
47
48 /*******************************************************************************
49 **
50 ** Function gatts_init_service_db
51 **
52 ** Description This function initialize a memory space to be a service database.
53 **
54 ** Parameter p_db: database pointer.
55 ** len: size of the memory space.
56 **
57 ** Returns Status of te operation.
58 **
59 *******************************************************************************/
gatts_init_service_db(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri,UINT16 s_hdl,UINT16 num_handle)60 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri,
61 UINT16 s_hdl, UINT16 num_handle)
62 {
63 if (!allocate_svc_db_buf(p_db))
64 {
65 GATT_TRACE_ERROR0("gatts_init_service_db failed, no resources");
66 return FALSE;
67 }
68
69 GATT_TRACE_DEBUG0("gatts_init_service_db");
70 GATT_TRACE_DEBUG2("s_hdl = %d num_handle = %d", s_hdl, num_handle );
71
72 /* update service database information */
73 p_db->next_handle = s_hdl;
74 p_db->end_handle = s_hdl + num_handle;
75
76 gatts_db_add_service_declaration(p_db, service, is_pri);
77
78 return TRUE;
79 }
80
81 /*******************************************************************************
82 **
83 ** Function gatts_init_service_db
84 **
85 ** Description This function initialize a memory space to be a service database.
86 **
87 ** Parameter p_db: database pointer.
88 ** len: size of the memory space.
89 **
90 ** Returns Status of te operation.
91 **
92 *******************************************************************************/
gatts_get_service_uuid(tGATT_SVC_DB * p_db)93 tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db)
94 {
95 if (!p_db || !p_db->p_attr_list)
96 {
97 GATT_TRACE_ERROR0("service DB empty");
98
99 return NULL;
100 }
101 else
102 {
103 return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
104 }
105 }
106
107 /*******************************************************************************
108 **
109 ** Function gatts_check_attr_readability
110 **
111 ** Description check attribute readability
112 **
113 ** Returns status of operation.
114 **
115 *******************************************************************************/
gatts_check_attr_readability(tGATT_ATTR16 * p_attr,UINT16 offset,BOOLEAN read_long,tGATT_SEC_FLAG sec_flag,UINT8 key_size)116 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
117 UINT16 offset,
118 BOOLEAN read_long,
119 tGATT_SEC_FLAG sec_flag,
120 UINT8 key_size)
121 {
122 UINT16 min_key_size;
123 tGATT_PERM perm = p_attr->permission;
124
125 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
126 if (min_key_size != 0 )
127 {
128 min_key_size +=6;
129 }
130
131 if (!(perm & GATT_READ_ALLOWED))
132 {
133 GATT_TRACE_ERROR0( "GATT_READ_NOT_PERMIT");
134 return GATT_READ_NOT_PERMIT;
135 }
136
137 if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
138 !(sec_flag & BTM_SEC_FLAG_ENCRYPTED))
139 {
140 GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION");
141 return GATT_INSUF_AUTHENTICATION;
142 }
143
144 if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
145 {
146 GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION: MITM Required");
147 return GATT_INSUF_AUTHENTICATION;
148 }
149
150 if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
151 {
152 GATT_TRACE_ERROR0( "GATT_INSUF_ENCRYPTION");
153 return GATT_INSUF_ENCRYPTION;
154 }
155
156 if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
157 {
158 GATT_TRACE_ERROR0( "GATT_INSUF_KEY_SIZE");
159 return GATT_INSUF_KEY_SIZE;
160 }
161
162
163 if (read_long)
164 {
165 switch (p_attr->uuid)
166 {
167 case GATT_UUID_PRI_SERVICE:
168 case GATT_UUID_SEC_SERVICE:
169 case GATT_UUID_CHAR_DECLARE:
170 case GATT_UUID_INCLUDE_SERVICE:
171 case GATT_UUID_CHAR_EXT_PROP:
172 case GATT_UUID_CHAR_CLIENT_CONFIG:
173 case GATT_UUID_CHAR_SRVR_CONFIG:
174 case GATT_UUID_CHAR_PRESENT_FORMAT:
175 GATT_TRACE_ERROR0("GATT_NOT_LONG");
176 return GATT_NOT_LONG;
177
178 default:
179 break;
180 }
181 }
182
183 return GATT_SUCCESS;
184 }
185
186 /*******************************************************************************
187 **
188 ** Function read_attr_value
189 **
190 ** Description Utility function to read an attribute value.
191 **
192 ** Parameter p_attr: pointer to the attribute to read.
193 ** offset: read offset.
194 ** p_value: output parameter to carry out the attribute value.
195 ** p_len: output parameter to carry out the attribute length.
196 ** read_long: this is a read blob request.
197 ** mtu: MTU
198 ** sec_flag: current link security status.
199 ** key_size: encryption key size.
200 **
201 ** Returns status of operation.
202 **
203 *******************************************************************************/
read_attr_value(void * p_attr,UINT16 offset,UINT8 ** p_data,BOOLEAN read_long,UINT16 mtu,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)204 static tGATT_STATUS read_attr_value (void *p_attr,
205 UINT16 offset,
206 UINT8 **p_data,
207 BOOLEAN read_long,
208 UINT16 mtu,
209 UINT16 *p_len,
210 tGATT_SEC_FLAG sec_flag,
211 UINT8 key_size)
212 {
213 UINT16 len = 0, uuid16 = 0;
214 UINT8 *p = *p_data;
215 tGATT_STATUS status;
216 UINT16 read_long_uuid=0;
217 tGATT_ATTR16 *p_attr16 = (tGATT_ATTR16 *)p_attr;
218
219 GATT_TRACE_DEBUG5("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d",
220 p_attr16->uuid,
221 p_attr16->permission,
222 sec_flag,
223 offset,
224 read_long);
225
226 status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
227
228 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
229 uuid16 = p_attr16->uuid;
230
231 if (status != GATT_SUCCESS)
232 return status;
233
234 status = GATT_NO_RESOURCES;
235
236 if (read_long &&
237 (uuid16 == GATT_UUID_CHAR_DESCRIPTION || uuid16 == GATT_UUID_CHAR_AGG_FORMAT))
238 {
239 read_long_uuid = p_attr16->uuid;
240 }
241
242 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE)
243 {
244 len = p_attr16->p_value->uuid.len;
245 if (mtu >= p_attr16->p_value->uuid.len)
246 {
247 gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
248 status = GATT_SUCCESS;
249 }
250 }
251 else if (uuid16 == GATT_UUID_CHAR_DECLARE)
252 {
253 len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19;
254
255 if (mtu >= len)
256 {
257 UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
258 UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
259
260 if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16)
261 {
262 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
263 }
264 else
265 {
266 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
267 }
268 status = GATT_SUCCESS;
269 }
270
271 }
272 else if (uuid16 == GATT_UUID_INCLUDE_SERVICE)
273 {
274 len = (p_attr16->p_value->incl_handle.service_type.len == 2) ? 6 : 4;
275 if (mtu >= len)
276 {
277 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
278 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
279
280 if (p_attr16->p_value->incl_handle.service_type.len == 2)
281 {
282 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
283 }
284 status = GATT_SUCCESS;
285 }
286 }
287 else /* characteristic description or characteristic value */
288 {
289 status = GATT_PENDING;
290 }
291
292 *p_len = len;
293 *p_data = p;
294 return status;
295 }
296
297 /*******************************************************************************
298 **
299 ** Function gatts_db_read_attr_value_by_type
300 **
301 ** Description Query attribute value by attribute type.
302 **
303 ** Parameter p_db: pointer to the attribute database.
304 ** p_rsp: Read By type response data.
305 ** s_handle: starting handle of the range we are looking for.
306 ** e_handle: ending handle of the range we are looking for.
307 ** type: Attribute type.
308 ** mtu: MTU.
309 ** sec_flag: current link security status.
310 ** key_size: encryption key size.
311 **
312 ** Returns Status of the operation.
313 **
314 *******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,BT_HDR * p_rsp,UINT16 s_handle,UINT16 e_handle,tBT_UUID type,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id,UINT16 * p_cur_handle)315 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB *p_tcb,
316 tGATT_SVC_DB *p_db,
317 UINT8 op_code,
318 BT_HDR *p_rsp,
319 UINT16 s_handle,
320 UINT16 e_handle,
321 tBT_UUID type,
322 UINT16 *p_len,
323 tGATT_SEC_FLAG sec_flag,
324 UINT8 key_size,
325 UINT32 trans_id,
326 UINT16 *p_cur_handle)
327 {
328 tGATT_STATUS status = GATT_NOT_FOUND;
329 tGATT_ATTR16 *p_attr;
330 UINT16 len = 0;
331 UINT8 *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
332 tBT_UUID attr_uuid;
333
334 if (p_db && p_db->p_attr_list)
335 {
336 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
337
338 while (p_attr && p_attr->handle <= e_handle)
339 {
340 if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
341 {
342 attr_uuid.len = LEN_UUID_16;
343 attr_uuid.uu.uuid16 = p_attr->uuid;
344 }
345 else
346 {
347 attr_uuid.len = LEN_UUID_128;
348 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
349 }
350
351 if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid))
352 {
353 if (*p_len <= 2)
354 {
355 status = GATT_NO_RESOURCES;
356 break;
357 }
358
359 UINT16_TO_STREAM (p, p_attr->handle);
360
361 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size);
362
363 if (status == GATT_PENDING)
364 {
365 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id);
366
367 /* one callback at a time */
368 break;
369 }
370 else if (status == GATT_SUCCESS)
371 {
372 if (p_rsp->offset == 0)
373 p_rsp->offset = len + 2;
374
375 if (p_rsp->offset == len + 2)
376 {
377 p_rsp->len += (len + 2);
378 *p_len -= (len + 2);
379 }
380 else
381 {
382 GATT_TRACE_ERROR0("format mismatch");
383 status = GATT_NO_RESOURCES;
384 break;
385 }
386 }
387 else
388 {
389 *p_cur_handle = p_attr->handle;
390 break;
391 }
392 }
393 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
394 }
395 }
396
397 return status;
398 }
399
400 /*******************************************************************************
401 **
402 ** Function gatts_add_included_service
403 **
404 ** Description This function adds an included service into a database.
405 **
406 ** Parameter p_db: database pointer.
407 ** inc_srvc_type: included service type.
408 **
409 ** Returns Status of the operation.
410 **
411 *******************************************************************************/
gatts_add_included_service(tGATT_SVC_DB * p_db,UINT16 s_handle,UINT16 e_handle,tBT_UUID service)412 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
413 tBT_UUID service)
414 {
415 tGATT_ATTR16 *p_attr;
416
417 GATT_TRACE_DEBUG3("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
418 s_handle, e_handle, service.uu.uuid16);
419
420 if (service.len == 0 || s_handle == 0 || e_handle == 0)
421 {
422 GATT_TRACE_ERROR0("gatts_add_included_service Illegal Params.");
423 return 0;
424 }
425
426 if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, GATT_UUID_INCLUDE_SERVICE, NULL, GATT_PERM_READ)) != NULL)
427 {
428 if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC)))
429 {
430 p_attr->p_value->incl_handle.s_handle = s_handle;
431 p_attr->p_value->incl_handle.e_handle = e_handle;
432 memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
433
434 return p_attr->handle;
435 }
436 else
437 {
438 deallocate_attr_in_db(p_db, p_attr);
439 }
440 }
441
442 return 0;
443 }
444
445 /*******************************************************************************
446 **
447 ** Function gatts_add_characteristic
448 **
449 ** Description This function add a characteristics and its descriptor into
450 ** a servce identified by the service database pointer.
451 **
452 ** Parameter p_db: database pointer.
453 ** perm: permission (authentication and key size requirements)
454 ** property: property of the characteristic.
455 ** p_char: characteristic value information.
456 **
457 ** Returns Status of te operation.
458 **
459 *******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB * p_db,tGATT_PERM perm,tGATT_CHAR_PROP property,tBT_UUID * p_char_uuid)460 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
461 tGATT_CHAR_PROP property,
462 tBT_UUID * p_char_uuid)
463 {
464 tGATT_ATTR16 *p_char_decl, *p_char_val;
465 UINT16 uuid16 = (p_char_uuid->len == LEN_UUID_16) ? p_char_uuid->uu.uuid16 : 0;
466
467 GATT_TRACE_DEBUG2("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property);
468
469 if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, GATT_UUID_CHAR_DECLARE, NULL, GATT_PERM_READ)) != NULL)
470 {
471 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL)))
472 {
473 deallocate_attr_in_db(p_db, p_char_decl);
474 return 0;
475 }
476
477 p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, uuid16, p_char_uuid->uu.uuid128, perm);
478
479 if (p_char_val == NULL)
480 {
481 deallocate_attr_in_db(p_db, p_char_decl);
482 return 0;
483 }
484
485 p_char_decl->p_value->char_decl.property = property;
486 p_char_decl->p_value->char_decl.char_val_handle = p_char_val->handle;
487
488 p_char_val->p_value = NULL;
489
490 return p_char_val->handle;
491 }
492
493 return 0;
494 }
495
496 /*******************************************************************************
497 **
498 ** Function gatt_convertchar_descr_type
499 **
500 ** Description This function convert a char descript UUID into descriptor type.
501 **
502 ** Returns descriptor type.
503 **
504 *******************************************************************************/
gatt_convertchar_descr_type(tBT_UUID * p_descr_uuid)505 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
506 {
507 tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
508
509 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
510 return GATT_DESCR_EXT_DSCPTOR;
511
512 std_descr.uu.uuid16 ++;
513 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
514 return GATT_DESCR_USER_DSCPTOR;
515
516 std_descr.uu.uuid16 ++;
517 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
518 return GATT_DESCR_CLT_CONFIG;
519
520 std_descr.uu.uuid16 ++;
521 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
522 return GATT_DESCR_SVR_CONFIG;
523
524 std_descr.uu.uuid16 ++;
525 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
526 return GATT_DESCR_PRES_FORMAT;
527
528 std_descr.uu.uuid16 ++;
529 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
530 return GATT_DESCR_AGGR_FORMAT;
531
532 std_descr.uu.uuid16 ++;
533 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
534 return GATT_DESCR_VALID_RANGE;
535
536
537 return GATT_DESCR_UNKNOWN;
538 }
539
540 /*******************************************************************************
541 **
542 ** Function gatts_add_char_descr
543 **
544 ** Description This function add a characteristics descriptor.
545 **
546 ** Parameter p_db: database pointer.
547 ** perm: characteristic descriptor permission type.
548 ** char_dscp_tpye: the characteristic descriptor masks.
549 ** p_dscp_params: characteristic descriptors values.
550 **
551 ** Returns Status of the operation.
552 **
553 *******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB * p_db,tGATT_PERM perm,tBT_UUID * p_descr_uuid)554 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
555 tBT_UUID * p_descr_uuid)
556 {
557 tGATT_ATTR16 *p_char_dscptr;
558 UINT16 uuid16 = (p_descr_uuid->len == LEN_UUID_16)? p_descr_uuid->uu.uuid16 : 0;
559
560 GATT_TRACE_DEBUG1("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16);
561
562 /* Add characteristic descriptors */
563 if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db,
564 uuid16,
565 p_descr_uuid->uu.uuid128,
566 perm))
567 == NULL)
568 {
569 GATT_TRACE_DEBUG0("gatts_add_char_descr Fail for adding char descriptors.");
570 return 0;
571 }
572 else
573 {
574 return p_char_dscptr->handle;
575 }
576 }
577
578 /*******************************************************************************/
579 /* Service Attribute Database Query Utility Functions */
580 /*******************************************************************************/
581 /*******************************************************************************
582 **
583 ** Function gatts_read_attr_value_by_handle
584 **
585 ** Description Query attribute value by attribute handle.
586 **
587 ** Parameter p_db: pointer to the attribute database.
588 ** handle: Attribute handle to read.
589 ** offset: Read offset.
590 ** p_value: output parameter to carry out the attribute value.
591 ** p_len: output parameter as attribute length read.
592 ** read_long: this is a read blob request.
593 ** mtu: MTU.
594 ** sec_flag: current link security status.
595 ** key_size: encryption key size
596 **
597 ** Returns Status of operation.
598 **
599 *******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_value,UINT16 * p_len,UINT16 mtu,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id)600 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
601 tGATT_SVC_DB *p_db,
602 UINT8 op_code,
603 UINT16 handle, UINT16 offset,
604 UINT8 *p_value, UINT16 *p_len,
605 UINT16 mtu,
606 tGATT_SEC_FLAG sec_flag,
607 UINT8 key_size,
608 UINT32 trans_id)
609 {
610 tGATT_STATUS status = GATT_NOT_FOUND;
611 tGATT_ATTR16 *p_attr;
612 UINT8 *pp = p_value;
613
614 if (p_db && p_db->p_attr_list)
615 {
616 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
617
618 while (p_attr && handle >= p_attr->handle)
619 {
620 if (p_attr->handle == handle)
621 {
622 status = read_attr_value (p_attr, offset, &pp,
623 (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
624 mtu, p_len, sec_flag, key_size);
625
626 if (status == GATT_PENDING)
627 {
628 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id);
629 }
630 break;
631 }
632 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
633 }
634 }
635
636 return status;
637 }
638
639 /*******************************************************************************
640 **
641 ** Function gatts_read_attr_perm_check
642 **
643 ** Description Check attribute readability.
644 **
645 ** Parameter p_db: pointer to the attribute database.
646 ** handle: Attribute handle to read.
647 ** offset: Read offset.
648 ** p_value: output parameter to carry out the attribute value.
649 ** p_len: output parameter as attribute length read.
650 ** read_long: this is a read blob request.
651 ** mtu: MTU.
652 ** sec_flag: current link security status.
653 ** key_size: encryption key size
654 **
655 ** Returns Status of operation.
656 **
657 *******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,BOOLEAN is_long,UINT16 handle,tGATT_SEC_FLAG sec_flag,UINT8 key_size)658 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
659 BOOLEAN is_long,
660 UINT16 handle,
661 tGATT_SEC_FLAG sec_flag,
662 UINT8 key_size)
663 {
664 tGATT_STATUS status = GATT_NOT_FOUND;
665 tGATT_ATTR16 *p_attr;
666
667 if (p_db && p_db->p_attr_list)
668 {
669 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
670
671 while (p_attr && handle >= p_attr->handle)
672 {
673 if (p_attr->handle == handle)
674 {
675 status = gatts_check_attr_readability (p_attr, 0,
676 is_long,
677 sec_flag, key_size);
678 break;
679 }
680 p_attr = (tGATT_ATTR16 *) p_attr->p_next;
681 }
682 }
683
684 return status;
685 }
686 /*******************************************************************************
687 **
688 ** Function gatts_write_attr_perm_check
689 **
690 ** Description Write attribute value into database.
691 **
692 ** Parameter p_db: pointer to the attribute database.
693 ** op_code:op code of this write.
694 ** handle: handle of the attribute to write.
695 ** offset: Write offset if write op code is write blob.
696 ** p_data: Attribute value to write.
697 ** len: attribute data length.
698 ** sec_flag: current link security status.
699 ** key_size: encryption key size
700 **
701 ** Returns Status of the operation.
702 **
703 *******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_data,UINT16 len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)704 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
705 UINT16 handle, UINT16 offset, UINT8 *p_data,
706 UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
707 {
708 tGATT_STATUS status = GATT_NOT_FOUND;
709 tGATT_ATTR16 *p_attr;
710 UINT16 max_size = 0;
711 tGATT_PERM perm;
712 UINT16 min_key_size;
713
714 GATT_TRACE_DEBUG6( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
715 op_code, handle, offset, len, sec_flag, key_size);
716
717 if (p_db != NULL)
718 {
719 p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
720
721 while (p_attr != NULL)
722 {
723 if (p_attr->handle == handle)
724 {
725 perm = p_attr->permission;
726 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
727 if (min_key_size != 0 )
728 {
729 min_key_size +=6;
730 }
731 GATT_TRACE_DEBUG2( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
732 p_attr->permission,
733 min_key_size);
734
735 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
736 && (perm & GATT_WRITE_SIGNED_PERM))
737 {
738 /* use the rules for the mixed security see section 10.2.3*/
739 /* use security mode 1 level 2 when the following condition follows */
740 /* LE security mode 2 level 1 and LE security mode 1 level 2 */
741 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED))
742 {
743 perm = GATT_PERM_WRITE_ENCRYPTED;
744 }
745 /* use security mode 1 level 3 when the following condition follows */
746 /* LE security mode 2 level 2 and security mode 1 and LE */
747 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
748 /* LE security mode 2 and security mode 1 level 3 */
749 ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM)))
750 {
751 perm = GATT_PERM_WRITE_ENC_MITM;
752 }
753 }
754
755 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM))
756 {
757 status = GATT_WRITE_NOT_PERMIT;
758 GATT_TRACE_DEBUG0( "gatts_write_attr_perm_check - sign cmd write not allowed");
759 }
760 if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED))
761 {
762 status = GATT_INVALID_PDU;
763 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
764 }
765 else if (!(perm & GATT_WRITE_ALLOWED))
766 {
767 status = GATT_WRITE_NOT_PERMIT;
768 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
769 }
770 /* require authentication, but not been authenticated */
771 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
772 {
773 status = GATT_INSUF_AUTHENTICATION;
774 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
775 }
776 else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
777 {
778 status = GATT_INSUF_AUTHENTICATION;
779 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
780 }
781 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
782 {
783 status = GATT_INSUF_ENCRYPTION;
784 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
785 }
786 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
787 {
788 status = GATT_INSUF_KEY_SIZE;
789 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
790 }
791 /* LE security mode 2 attribute */
792 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
793 {
794 status = GATT_INSUF_AUTHENTICATION;
795 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
796 }
797 else /* writable: must be char value declaration or char descritpors */
798 {
799 if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
800 {
801 switch (p_attr->uuid)
802 {
803 case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
804 case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
805 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
806 case GATT_UUID_CHAR_VALID_RANGE:
807 status = GATT_WRITE_NOT_PERMIT;
808 break;
809
810 case GATT_UUID_CHAR_CLIENT_CONFIG:
811 /* coverity[MISSING_BREAK] */
812 /* intnended fall through, ignored */
813 /* fall through */
814 case GATT_UUID_CHAR_SRVR_CONFIG:
815 max_size = 2;
816 case GATT_UUID_CHAR_DESCRIPTION:
817 default: /* any other must be character value declaration */
818 status = GATT_SUCCESS;
819 break;
820 }
821 }
822 else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128)
823 {
824 status = GATT_SUCCESS;
825 }
826 else
827 {
828 status = GATT_INVALID_PDU;
829 }
830
831 if (p_data == NULL && len > 0)
832 {
833 status = GATT_INVALID_PDU;
834 }
835 /* these attribute does not allow write blob */
836 // btla-specific ++
837 else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
838 (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
839 p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
840 // btla-specific --
841 {
842 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */
843 {
844 status = GATT_NOT_LONG;
845 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_NOT_LONG");
846 }
847 else if (len != max_size) /* data does not match the required format */
848 {
849 status = GATT_INVALID_ATTR_LEN;
850 GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
851 }
852 else
853 {
854 status = GATT_SUCCESS;
855 }
856 }
857 }
858 break;
859 }
860 else
861 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
862 }
863 }
864
865 return status;
866 }
867
868 /*******************************************************************************
869 **
870 ** Function allocate_attr_in_db
871 **
872 ** Description Allocate a memory space for a new attribute, and link this
873 ** attribute into the database attribute list.
874 **
875 **
876 ** Parameter p_db : database pointer.
877 ** service : type of attribute to be added.
878 **
879 ** Returns pointer to the newly allocated attribute.
880 **
881 *******************************************************************************/
allocate_attr_in_db(tGATT_SVC_DB * p_db,UINT16 uuid16,UINT8 * uuid128,tGATT_PERM perm)882 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *uuid128, tGATT_PERM perm)
883 {
884 tGATT_ATTR16 *p_attr16 = NULL, *p_last;
885 tGATT_ATTR128 *p_attr128 = NULL;
886 UINT16 len = (uuid16 == 0) ? sizeof(tGATT_ATTR128): sizeof(tGATT_ATTR16);
887
888 GATT_TRACE_DEBUG1("allocate attr %d bytes ",len);
889
890 if (uuid16 == GATT_ILLEGAL_UUID && uuid128 == NULL)
891 {
892 GATT_TRACE_ERROR0("illegal UUID");
893 return NULL;
894 }
895
896 if (p_db->end_handle <= p_db->next_handle)
897 {
898 GATT_TRACE_DEBUG2("handle space full. handle_max = %d next_handle = %d",
899 p_db->end_handle, p_db->next_handle);
900 return NULL;
901 }
902
903 if (p_db->mem_free < len)
904 {
905 if (!allocate_svc_db_buf(p_db))
906 {
907 GATT_TRACE_ERROR0("allocate_attr_in_db failed, no resources");
908 return NULL;
909 }
910 }
911
912 p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
913 p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
914
915 memset(p_attr16, 0, len);
916
917 if (uuid16 != GATT_ILLEGAL_UUID)
918 {
919 p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
920 p_attr16->uuid = uuid16;
921 }
922 else
923 {
924 p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
925 memcpy(p_attr128->uuid, uuid128, LEN_UUID_128);
926 }
927
928 p_db->p_free_mem += len;
929 p_db->mem_free -= len;
930
931 p_attr16->handle = p_db->next_handle++;
932 p_attr16->permission = perm;
933 p_attr16->p_next = NULL;
934
935 /* link the attribute record into the end of DB */
936 if (p_db->p_attr_list == NULL)
937 p_db->p_attr_list = p_attr16;
938 else
939 {
940 p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
941
942 while (p_last != NULL && p_last->p_next != NULL)
943 p_last = (tGATT_ATTR16 *)p_last->p_next;
944
945 p_last->p_next = p_attr16;
946 }
947
948 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
949 {
950 GATT_TRACE_DEBUG3("=====> handle = [0x%04x] uuid = [0x%04x] perm=0x%02x ",
951 p_attr16->handle, p_attr16->uuid, p_attr16->permission);
952 }
953 else
954 {
955 GATT_TRACE_DEBUG4("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ",
956 p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1],
957 p_attr128->permission);
958 }
959 return(void *)p_attr16;
960 }
961
962 /*******************************************************************************
963 **
964 ** Function deallocate_attr_in_db
965 **
966 ** Description Free an attribute within the database.
967 **
968 ** Parameter p_db: database pointer.
969 ** p_attr: pointer to the attribute record to be freed.
970 **
971 ** Returns BOOLEAN: success
972 **
973 *******************************************************************************/
deallocate_attr_in_db(tGATT_SVC_DB * p_db,void * p_attr)974 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
975 {
976 tGATT_ATTR16 *p_cur, *p_next;
977 BOOLEAN found = FALSE;
978
979 if (p_db->p_attr_list == NULL)
980 return found;
981
982 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
983 p_next = (tGATT_ATTR16 *) p_cur->p_next;
984
985 for (; p_cur != NULL && p_next != NULL;
986 p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next)
987 {
988 if (p_next == p_attr)
989 {
990 p_cur->p_next = p_next->p_next;
991 found = TRUE;
992 }
993 }
994 if (p_cur == p_attr && p_cur == p_db->p_attr_list)
995 {
996 p_db->p_attr_list = p_cur->p_next;
997 found = TRUE;
998 }
999 /* else attr not found */
1000 if ( found)
1001 p_db->next_handle --;
1002
1003 return found;
1004 }
1005
1006 /*******************************************************************************
1007 **
1008 ** Function copy_extra_byte_in_db
1009 **
1010 ** Description Utility function to allocate extra bytes memory in DB and copy
1011 ** the value from a source place.
1012 **
1013 **
1014 ** Parameter p_db: database pointer.
1015 ** p_dst: destination data pointer.
1016 ** p_src: source data pointer.
1017 ** len: data length to be copied.
1018 **
1019 ** Returns None.
1020 **
1021 *******************************************************************************/
copy_extra_byte_in_db(tGATT_SVC_DB * p_db,void ** p_dst,UINT16 len)1022 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1023 {
1024 UINT8 *p = (UINT8 *)*p_dst;
1025
1026 if (p_db->mem_free < len)
1027 {
1028 if (!allocate_svc_db_buf(p_db))
1029 {
1030 GATT_TRACE_ERROR0("copy_extra_byte_in_db failed, no resources");
1031 return FALSE;
1032 }
1033 }
1034
1035 p = p_db->p_free_mem;
1036 p_db->p_free_mem += len;
1037 p_db->mem_free -= len;
1038 memset((void *)p, 0, len);
1039 *p_dst = (void *)p;
1040
1041 return TRUE;
1042 }
1043
1044 /*******************************************************************************
1045 **
1046 ** Function allocate_svc_db_buf
1047 **
1048 ** Description Utility function to allocate extra buffer for service database.
1049 **
1050 ** Returns TRUE if allocation succeed, otherwise FALSE.
1051 **
1052 *******************************************************************************/
allocate_svc_db_buf(tGATT_SVC_DB * p_db)1053 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1054 {
1055 BT_HDR *p_buf;
1056
1057 GATT_TRACE_DEBUG0("allocate_svc_db_buf allocating extra buffer");
1058
1059 if ((p_buf = (BT_HDR *)GKI_getpoolbuf(GATT_DB_POOL_ID)) == NULL)
1060 {
1061 GATT_TRACE_ERROR0("allocate_svc_db_buf failed, no resources");
1062 return FALSE;
1063 }
1064
1065 memset(p_buf, 0, GKI_get_buf_size(p_buf));
1066 p_db->p_free_mem = (UINT8 *) p_buf;
1067 p_db->mem_free = GKI_get_buf_size(p_buf);
1068
1069 GKI_enqueue(&p_db->svc_buffer, p_buf);
1070
1071 return TRUE;
1072
1073 }
1074
1075 /*******************************************************************************
1076 **
1077 ** Function gatts_send_app_read_request
1078 **
1079 ** Description Send application read request callback
1080 **
1081 ** Returns status of operation.
1082 **
1083 *******************************************************************************/
gatts_send_app_read_request(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 handle,UINT16 offset,UINT32 trans_id)1084 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1085 UINT16 handle, UINT16 offset, UINT32 trans_id)
1086 {
1087 tGATTS_DATA sr_data;
1088 UINT8 i_rcb;
1089 tGATT_SR_REG *p_sreg;
1090 UINT16 conn_id;
1091
1092 i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1093 p_sreg = &gatt_cb.sr_reg[i_rcb];
1094 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1095
1096 if (trans_id == 0)
1097 {
1098 trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1099 gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1100 }
1101
1102 if (trans_id != 0 )
1103 {
1104 memset(&sr_data, 0, sizeof(tGATTS_DATA));
1105
1106 sr_data.read_req.handle = handle;
1107 sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1108 sr_data.read_req.offset = offset;
1109
1110 gatt_sr_send_req_callback(conn_id,
1111 trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1112 return(tGATT_STATUS) GATT_PENDING;
1113 }
1114 else
1115 return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1116
1117 }
1118
1119 /*******************************************************************************
1120 **
1121 ** Function gatts_db_add_service_declaration
1122 **
1123 ** Description Update a service database service declaration record.
1124 **
1125 ** Parameter p_db: database pointer.
1126 ** service: UUID of the service.
1127 **
1128 ** Returns void
1129 **
1130 *******************************************************************************/
gatts_db_add_service_declaration(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri)1131 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri)
1132 {
1133 tGATT_ATTR16 *p_attr;
1134 UINT16 service_type = is_pri ? GATT_UUID_PRI_SERVICE: GATT_UUID_SEC_SERVICE;
1135
1136 GATT_TRACE_DEBUG0( "add_service_declaration");
1137
1138 /* add service declration record */
1139 if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, service_type, NULL, GATT_PERM_READ))) != NULL)
1140 {
1141 if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID)))
1142 {
1143 memcpy (&p_attr->p_value->uuid, &service, sizeof(tBT_UUID));
1144 }
1145 }
1146 }
1147
1148 #endif /* BLE_INCLUDED */
1149